package com.mbbmap.security.action;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

import com.mbbmap.app.home.ParamHome;
import com.mbbmap.app.home.PwdValidationParamHome;
import com.mbbmap.app.home.SecAccessHome;
import com.mbbmap.app.home.SecGroupHome;
import com.mbbmap.security.dao.SecAccessDao;
import com.mbbmap.security.dao.SecGroupLevelDao;
import com.mbbmap.security.dao.SecGroupsDao;
import com.mbbmap.security.dao.SecUserDao;
import com.mbbmap.security.manager.SecurityListManager;
import com.mbbmap.util.Constants;
import com.mbbmap.util.EncryptionHelper;
import com.mbbmap.util.SecAccessHelper;

public class SecurityScreens extends CommonDispatchAction {
	
	
	// SEC001: GROUP AND MODULES	
	/*
	 * @author: Luiz Santos
	 * @date: 12/16/2013
	 * @desc: Load Group and Security Modules 
	 */
	public ActionForward secmain1(ActionMapping mapping,
	    ActionForm form, HttpServletRequest request,
	    HttpServletResponse response) throws Exception {
	    
		String moduleCode = "SEC001";  
		  
	    HttpSession session = request.getSession(false);
	    System.out.println("UpdateSecGroupAction.java: init");
		ArrayList arlSecGroupList = new ArrayList();
		ArrayList arlSecModuleList = new ArrayList();
		String strEMerchant = (String) session.getAttribute(Constants.MERCHANT_KEY);
		System.out.println("UpdateSecGroupAction.java: init strEMerchant : " + strEMerchant);
		String strMerchant = "";
		if ((strEMerchant != null) && (!strEMerchant.equals(""))){
			//strMerchant= EncryptionHelper.decrypt(strEMerchant,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
		    strMerchant= strEMerchant;
		}else{
			System.out.println("Merchant string is invalid.");
			strMerchant = "";
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		if(!isTokenValid(request)){
			System.out.println("Token validation failed!");
			session.invalidate();
	    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
	    }else{
	    	resetToken(request);
	    	System.out.println("Token validation passed!");
	    }
		
		boolean accessAllow = SecAccessHelper.isAccessAllow(moduleCode, request);
		System.out.println("Security access is "+accessAllow);
		accessAllow = true;
		System.out.println("Security access changed to "+accessAllow);
		if (!accessAllow) {
			System.out.println("Access is not allowed.");
	        return mapping.findForward(Constants.KEY_ACTION_MAPPING_ERR);
	    }
		
		System.out.println("UpdateSecGroupAction.java: init strMerchant : " + strMerchant);
		arlSecGroupList = SecGroupHome.getInstance().findSecGroupList(strMerchant);
		session.setAttribute(Constants.SECURITY_GROUP, arlSecGroupList);
		System.out.println("Hey this is it: " + arlSecGroupList);
		arlSecModuleList = SecGroupHome.getInstance().findSecModuleList(strMerchant);
		session.setAttribute(Constants.SECURITY_MODULE, arlSecModuleList);

		//System.out.println("UpdateSecGroupAction.java: init arlSecGroupList & arlSecModuleList: " + arlSecGroupList.size() +"=>"+arlSecModuleList.size());

	   // return mapping.findForward(Constants.KEY_ACTION_SUCCESS);
		  SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain1";		  
			  
		  }
		  	return mapping.findForward(strFwd);
			    
	}
	
	//	SEC002:  GROUP LEVEL
	/*
	 * @author: Luiz Santos
	 * @date: 12/16/2013
	 * @desc: Load Group Level
	 */
	  public ActionForward secmain2(ActionMapping mapping,
	    ActionForm form, HttpServletRequest request,
	    HttpServletResponse response) throws Exception {
		 String moduleCode = "SEC002";
	    HttpSession session = request.getSession(false);
		ArrayList arlSecGroupList = new ArrayList();
		ArrayList arlSecModuleList = new ArrayList();
		ArrayList secGroupAccessList = new ArrayList();
		String strESelectedGroupCode ="";
		String strEMerchant = (String) session.getAttribute(Constants.MERCHANT_KEY);
		String strMerchant = "";
		if ((strEMerchant != null) && (!strEMerchant.equals(""))){
			//strMerchant= EncryptionHelper.decrypt(strEMerchant,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
		    strMerchant= strEMerchant;
		}else{
			strMerchant = "";
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		if(!isTokenValid(request)){
			System.out.println("Token validation failed!");
			session.invalidate();
	    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
	    }else{
	    	resetToken(request);
	    	System.out.println("Token validation passed!");
	    }
		
		boolean accessAllow = SecAccessHelper.isAccessAllow(moduleCode, request);
		
		System.out.println("The access level is "+accessAllow);
		accessAllow = true;
		System.out.println("Changing the access level to "+accessAllow);
		
		if (!accessAllow) {
	        return mapping.findForward(Constants.KEY_ACTION_MAPPING_ERR);
	    }

		arlSecGroupList = SecGroupHome.getInstance().findSecGroupList(strMerchant);
		session.setAttribute(Constants.SECURITY_GROUP, arlSecGroupList);
		arlSecModuleList = SecGroupHome.getInstance().findSecModuleList(strMerchant);
		session.setAttribute(Constants.SECURITY_MODULE, arlSecModuleList);
		session.setAttribute(Constants.SELECTED_ACCESS_LIST, secGroupAccessList);
		session.setAttribute(Constants.SELECTED_SEC_GRP, strESelectedGroupCode);

		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain2";		  
			  
		  }
		  	return mapping.findForward(strFwd);
	  }
	
	
	  
	  
		//	SEC003: Access Rights
		/*
		 * @author: Luiz Santos
		 * @date: 12/16/2013
		 * @desc: Loads Access Rights
		 */
	  public ActionForward secmain3(ActionMapping mapping,
	    ActionForm form, HttpServletRequest request,
	    HttpServletResponse response) throws Exception {
		String moduleCode = "SEC003";
	    HttpSession session = request.getSession(false);
		ArrayList arlSecGroupList = new ArrayList();
		ArrayList arlSecModuleList = new ArrayList();
		ArrayList secGroupAccessList = new ArrayList();
		String strESelectedGroupCode ="";
		String strEMerchant = (String) session.getAttribute(Constants.MERCHANT_KEY);
		String strMerchant = "";
		if ((strEMerchant != null) && (!strEMerchant.equals(""))){
			//strMerchant= EncryptionHelper.decrypt(strEMerchant,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
		    strMerchant= strEMerchant;
		}else{
			strMerchant = "";
			return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		}
		if(!isTokenValid(request)){
			System.out.println("Token validation failed!");
			session.invalidate();
	    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
	    }else{
	    	resetToken(request);
	    	System.out.println("Token validation passed!");
	    }
		
		boolean accessAllow = SecAccessHelper.isAccessAllow(moduleCode, request);
		
		System.out.println("The access level is "+accessAllow);
		accessAllow = true;
		System.out.println("Changing the access level to "+accessAllow);
		
		if (!accessAllow) {
	        return mapping.findForward(Constants.KEY_ACTION_MAPPING_ERR);
	    }

		arlSecGroupList = SecGroupHome.getInstance().findSecGroupList(strMerchant);
		session.setAttribute(Constants.SECURITY_GROUP, arlSecGroupList);
		arlSecModuleList = SecGroupHome.getInstance().findSecModuleList(strMerchant);
		session.setAttribute(Constants.SECURITY_MODULE, arlSecModuleList);
		session.setAttribute(Constants.SELECTED_ACCESS_LIST, secGroupAccessList);
		session.setAttribute(Constants.SELECTED_SEC_GRP, strESelectedGroupCode);
		
		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain3";		  
			  
		  }
		  	return mapping.findForward(strFwd);
	  }
	  
	// SEC004: USER CREATION
	  public ActionForward secmain4(ActionMapping mapping,
			    ActionForm form, HttpServletRequest request,
			    HttpServletResponse response) throws Exception {
				String moduleCode = "SEC004";
			    HttpSession session = request.getSession(false);
				System.out.println("UpdateUsersAction.java: init");

				//Logon User ID CSR_ROLE or User Assigned Group.
				String strUIDGroupCode ="";
				//String strEUIDGroupCode = (String) session.getAttribute(Constants.CSR_ROLE);
				String strEUIDGroupCode = (String) session.getAttribute(Constants.LOGON_USER_ROLE);
				System.out.println("UpdateUsersAction.java: init_0001 strEUIDGroupCode" + strEUIDGroupCode);

				ArrayList arlSecGroupList = new ArrayList();
				ArrayList secGroupLevelList = new ArrayList();

				String strESelectedGroupCode ="";
				String strEMerchant = (String) session.getAttribute(Constants.MERCHANT_KEY);
				Properties paramProp = (Properties) session.getAttribute(Constants.PROPERTIES_PARAMETER);
				String strMerchant = "";
				String strRegExp = "";

				if ((strEMerchant != null) && (!strEMerchant.equals(""))){
					//strMerchant= EncryptionHelper.decrypt(strEMerchant,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
				    strMerchant= strEMerchant;
				}else{
					strMerchant = "";
					return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
				}
				if(!isTokenValid(request)){
					System.out.println("Token validation failed!");
					session.invalidate();
			    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
			    }else{
			    	resetToken(request);
			    	System.out.println("Token validation passed!");
			    }
				if ((strEUIDGroupCode != null) && (!strEUIDGroupCode.equals(""))){
					//strUIDGroupCode= EncryptionHelper.decrypt(strEUIDGroupCode,ConfigManager.getInstance().get(EbppKeys.ENCRYPTION_PASSPHRASE));
				    strUIDGroupCode= strEUIDGroupCode;
				}else{
					strUIDGroupCode = "";
					return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
				}
				
				boolean accessAllow = SecAccessHelper.isAccessAllow(moduleCode, request);
				if (!accessAllow) {
			        return mapping.findForward(Constants.KEY_ACTION_MAPPING_ERR);
			    }
				
				if (paramProp == null) {
				    return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
				}

				System.out.println("UpdateUsersAction.java: init_0002 strUIDGroupCode" + strUIDGroupCode);

				arlSecGroupList = SecGroupHome.getInstance().findSecGroupList(strMerchant);

				if ((strEUIDGroupCode != null) && (!strEUIDGroupCode.equals(""))){
					secGroupLevelList = SecAccessHome.getInstance().findSecGroupLevelList(strMerchant,strUIDGroupCode);
					//This for loop is to get the Module Name of the Access Module.
					for(int i=0;i<secGroupLevelList.size();i++){
						//System.out.println("UpdateSecLevelAction.java: getGroup_002");
						SecGroupLevelDao secGrpLevelDao = (SecGroupLevelDao)secGroupLevelList.get(i);
						String tmpcGrpCode = "";
						tmpcGrpCode = secGrpLevelDao.getcGroupCode();
						//System.out.println("UpdateSecLevelAction.java: getGroup tmpcGrpCode" + tmpcGrpCode);
						if (tmpcGrpCode != null && !tmpcGrpCode.equals("")){
							for(int j=0;j<arlSecGroupList.size();j++){
								SecGroupsDao secgroupDao = (SecGroupsDao)arlSecGroupList.get(j);
								if (secgroupDao.getGroupCode().equals(tmpcGrpCode)){
									secGrpLevelDao.setChildGroupName(secgroupDao.getGroupName());
								}
							}
						}
					}
				}

				//strRegExp = PwdValidationParamHome.getInstance().getParam(Constants.PARAM_PASSWORD_REG_EXPR);
				strRegExp = paramProp.getProperty(ParamHome.TECH_PARAM_PASSWORD_REG_EXPR);
				
				session.setAttribute(Constants.PASSWORD_REG_EXP, strRegExp);

				session.setAttribute(Constants.SECURITY_UGROUP, secGroupLevelList);
				session.setAttribute(Constants.SELECTED_SEC_UGRP, strESelectedGroupCode);
				session.setAttribute(Constants.LOGON_ERR_MSG, "");
		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
			  String strFwd = "";
				 if (oSecUserDao == null){
					  strFwd="sessionError";
				 }else{
					  strFwd="secmain4";		  
					  
				 }
				  	return mapping.findForward(strFwd);
	  }	  
	  
	  
	
	//	SEC005:  SECURITY LIST
	public ActionForward secmain5(ActionMapping mapping,
		    ActionForm form, HttpServletRequest request,
		    HttpServletResponse response) throws Exception {

		HttpSession session = request.getSession(false);

		ArrayList arlSecGroupList = new ArrayList();
		ArrayList arlSecSubGroupList = new ArrayList();
		ArrayList arlSecAccessRightList = new ArrayList();
		ArrayList arlSecUserList = new ArrayList();

		String strEMerchant = (String) session.getAttribute(Constants.MERCHANT_KEY);

		String strMerchant = "";
		if ((strEMerchant != null) && (!strEMerchant.equals(""))){
		    strMerchant= strEMerchant;
		}else{
			strMerchant = "";
			System.out.println("SecurityList.init() : KEY_ACTION_SESSION_ERR");
		}
		if(!isTokenValid(request)){
			System.out.println("Token validation failed!");
			session.invalidate();
	    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
	    }else{
	    	resetToken(request);
	    	System.out.println("Token validation passed!");
	    }

		arlSecGroupList = SecurityListManager.getInstance().findSecGroupList(strMerchant);
		arlSecSubGroupList = SecurityListManager.getInstance().findSecGroupLevelList(strMerchant, arlSecGroupList);
		arlSecAccessRightList = SecurityListManager.getInstance().findSecGroupAccessList(strMerchant, arlSecGroupList);
		arlSecUserList = SecurityListManager.getInstance().findSecGroupUserList(strMerchant,arlSecGroupList);

		SecGroupsDao secgroupsDao = null;
		Iterator itr = arlSecGroupList.iterator();
		while (itr.hasNext()) {
			secgroupsDao = (SecGroupsDao)itr.next();
			
			if (secgroupsDao.getGroupCode() != null)
				secgroupsDao.setGroupCode(EncryptionHelper.encrypt(secgroupsDao.getGroupCode()));
			if (secgroupsDao.getGroupName() != null)
				secgroupsDao.setGroupName(EncryptionHelper.encrypt(secgroupsDao.getGroupName()));
			if (secgroupsDao.getCreateddt() != null)
				secgroupsDao.setCreateddt(EncryptionHelper.encrypt(secgroupsDao.getCreateddt()));
			if (secgroupsDao.getCreatedby() != null)
				secgroupsDao.setCreatedby(EncryptionHelper.encrypt(secgroupsDao.getCreatedby()));
		}
		
		SecGroupLevelDao secGroupLevelDao = null;
		itr = arlSecSubGroupList.iterator();
		while (itr.hasNext()) {
			secGroupLevelDao = (SecGroupLevelDao)itr.next();
			
			if (secGroupLevelDao.getChildGroupName() != null)
				secGroupLevelDao.setChildGroupName(EncryptionHelper.encrypt(secGroupLevelDao.getChildGroupName()));			
			if (secGroupLevelDao.getcGroupCode() != null)
				secGroupLevelDao.setcGroupCode(EncryptionHelper.encrypt(secGroupLevelDao.getcGroupCode()));
			if (secGroupLevelDao.getPGroupCode() != null)
				secGroupLevelDao.setpGroupCode(EncryptionHelper.encrypt(secGroupLevelDao.getPGroupCode()));
			if (secGroupLevelDao.getCreateddt() != null)
				secGroupLevelDao.setCreateddt(EncryptionHelper.encrypt(secGroupLevelDao.getCreateddt()));
			if (secGroupLevelDao.getCreatedby() != null)
				secGroupLevelDao.setCreatedby(EncryptionHelper.encrypt(secGroupLevelDao.getCreatedby()));
		}

		SecAccessDao secaccessDao = null;
		itr = arlSecAccessRightList.iterator();
		while (itr.hasNext()) {
			secaccessDao = (SecAccessDao)itr.next();

			if (secaccessDao.getGroupCode() != null)
				secaccessDao.setGroupCode(EncryptionHelper.encrypt(secaccessDao.getGroupCode()));	
			if (secaccessDao.getModuleCode() != null)
				secaccessDao.setModuleCode(EncryptionHelper.encrypt(secaccessDao.getModuleCode()));	
			if (secaccessDao.getModuleName() != null)
				secaccessDao.setModuleName(EncryptionHelper.encrypt(secaccessDao.getModuleName()));	
			
			if (secaccessDao.getReadFlag() != null)
				secaccessDao.setReadFlag(EncryptionHelper.encrypt(secaccessDao.getReadFlag()));	
			if (secaccessDao.getUpdateFlag() != null)
				secaccessDao.setUpdateFlag(EncryptionHelper.encrypt(secaccessDao.getUpdateFlag()));	
			if (secaccessDao.getWriteFlag() != null)
				secaccessDao.setWriteFlag(EncryptionHelper.encrypt(secaccessDao.getWriteFlag()));	
			
			if (secaccessDao.getCreateddt() != null)
				secaccessDao.setCreateddt(EncryptionHelper.encrypt(secaccessDao.getCreateddt()));
			if (secaccessDao.getCreatedby() != null)
				secaccessDao.setCreatedby(EncryptionHelper.encrypt(secaccessDao.getCreatedby()));
		}
		
		SecUserDao secuserdao = null;
		itr = arlSecUserList.iterator();
		while (itr.hasNext()) {
			secuserdao = (SecUserDao)itr.next();
			
			if (secuserdao.getGroupCode() != null)
				secuserdao.setGroupcode(EncryptionHelper.encrypt(secuserdao.getGroupCode()));
			if (secuserdao.getLogonId() != null)
				secuserdao.setLogonid(EncryptionHelper.encrypt(secuserdao.getLogonId()));
			if (secuserdao.getPGroupname() != null)
				secuserdao.setPGroupname(EncryptionHelper.encrypt(secuserdao.getPGroupname()));
			if (secuserdao.getUserName() != null)
				secuserdao.setUserName(EncryptionHelper.encrypt(secuserdao.getUserName()));
			if (secuserdao.getLastLoginDateTime() != null)
				secuserdao.setLastLoginDateTime(EncryptionHelper.encrypt(secuserdao.getLastLoginDateTime()));
		}
		
		Map map = new HashMap();
		map.put(Constants.SECURITY_GROUP, arlSecGroupList);
		map.put(Constants.SECURITY_SUB_GROUP_LIST, arlSecSubGroupList);
		map.put(Constants.SECURITY_ACCESS_RIGHT_LIST, arlSecAccessRightList);
		map.put(Constants.SECURITY_USERS_LIST, arlSecUserList);
		
		request.setAttribute("map", map);
		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain5";		  
			  
		  }
		  	return mapping.findForward(strFwd);
	}


	
	//	SEC006:  RESET USERS 
	public ActionForward secmain6(ActionMapping mapping,
		    ActionForm form, HttpServletRequest request,
		    HttpServletResponse response) throws Exception {
		HttpSession session = request.getSession(false);
		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain6";		  
			  
		  }
		  if(!isTokenValid(request)){
			  System.out.println("Token validation failed!");
				session.invalidate();
		    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		    }else{
		    	resetToken(request);
		    	System.out.println("Token validation passed!");
		    }
		  	return mapping.findForward(strFwd);
	}


	//	SEC007:  PASSWORD PARAMETER SETUP
	public ActionForward secmain7(ActionMapping mapping,
		    ActionForm form, HttpServletRequest request,
		    HttpServletResponse response) throws Exception {
		
		HttpSession session = request.getSession(false);

		String strAllowIdPw			= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_ALLOW_SAME_USER_ID_PW);
		String totalHistPwdStored 	= PwdValidationParamHome.getInstance().getParam(ParamHome.TECH_PARAM_TOTAL_PASSWORD_HIST);
		String strPwExpiry		 	= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_PW_EXPIRY_DAY);
		String strBadPwAttempt		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_BAD_PW_ATTEMPTS);
		String strChgPwFirLogon		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_CHG_PW_FIR_LOGON);
		String strUserPwRegex	 	= PwdValidationParamHome.getInstance().getParam(ParamHome.TECH_PARAM_PASSWORD_REG_EXPR);
		String strUIdMinLen			= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UID_MIN_LEN);
		String strUIdMaxLen 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UID_MAX_LEN);
		String strUIdPwMinLen	 	= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UserPwdMinLen);
		String strUIdPwMaxLen		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_UserPwdMaxLen);
		String strLogOutTime		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_LOGOUT_TIME);
		String strUserDorDays	 	= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_USER_DOR_DAYS);
		String strPwReset			= PwdValidationParamHome.getInstance().getParam(ParamHome.TECH_PASSWORD_RESET_FLAG);
		String strMaxWebCon 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_MAX_WEB_CON);
		String strUserInac 			= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_USER_INACTIVE);
		String strDayLimit	 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_DAY_LIMIT);
		String strDisableFr	 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_DISABLE_TIMESTAMP_FR);
		String strDisableTo	 		= PwdValidationParamHome.getInstance().getParam(ParamHome.SEC_DISABLE_TIMESTAMP_TO);
		
		session.setAttribute(ParamHome.SEC_ALLOW_SAME_USER_ID_PW,strAllowIdPw);
		session.setAttribute(ParamHome.TECH_PARAM_TOTAL_PASSWORD_HIST,totalHistPwdStored);
		session.setAttribute(ParamHome.SEC_PW_EXPIRY_DAY, strPwExpiry);
		session.setAttribute(ParamHome.SEC_BAD_PW_ATTEMPTS, strBadPwAttempt);
		session.setAttribute(ParamHome.SEC_CHG_PW_FIR_LOGON, strChgPwFirLogon);
		session.setAttribute(ParamHome.TECH_PARAM_PASSWORD_REG_EXPR,strUserPwRegex);
		session.setAttribute(ParamHome.SEC_UID_MIN_LEN, strUIdMinLen);
		session.setAttribute(ParamHome.SEC_UID_MAX_LEN, strUIdMaxLen);
		session.setAttribute(ParamHome.SEC_UserPwdMinLen, strUIdPwMinLen);
		session.setAttribute(ParamHome.SEC_UserPwdMaxLen, strUIdPwMaxLen);
		session.setAttribute(ParamHome.SEC_LOGOUT_TIME, strLogOutTime);
		session.setAttribute(ParamHome.SEC_USER_DOR_DAYS, strUserDorDays);
		session.setAttribute(ParamHome.TECH_PASSWORD_RESET_FLAG, strPwReset);
		session.setAttribute(ParamHome.SEC_MAX_WEB_CON, strMaxWebCon);
		session.setAttribute(ParamHome.SEC_USER_INACTIVE, strUserInac);
		session.setAttribute(ParamHome.SEC_DAY_LIMIT, strDayLimit);
		session.setAttribute(ParamHome.SEC_DISABLE_TIMESTAMP_FR, strDisableFr);
		session.setAttribute(ParamHome.SEC_DISABLE_TIMESTAMP_TO, strDisableTo);
		
		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain7";		  
			  
		  }
		  if(!isTokenValid(request)){
			  System.out.println("Token validation failed!");
				session.invalidate();
		    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		    }else{
		    	resetToken(request);
		    	System.out.println("Token validation passed!");
		    }
		  	return mapping.findForward(strFwd);
	}
	
	// SEC008: AUDIT TRAIL
	public ActionForward secmain8(ActionMapping mapping,
		    ActionForm form, HttpServletRequest request,
		    HttpServletResponse response) throws Exception {
		
		HttpSession session = request.getSession(false);
		SecUserDao oSecUserDao = (SecUserDao) session.getAttribute(Constants.LOGGED_USER);
		  String strFwd = "";
		  if (oSecUserDao == null){
			  strFwd="sessionError";
		  }else{
			  strFwd="secmain8";		  
			  
		  }
		  if(!isTokenValid(request)){
			  System.out.println("Token validation failed!");
				session.invalidate();
		    	return mapping.findForward(Constants.KEY_ACTION_SESSION_ERR);
		    }else{
		    	resetToken(request);
		    	System.out.println("Token validation passed!");
		    }
		  	return mapping.findForward(strFwd);
	}

}
